PT-2013-1244 · Libraw+1 · Libraw+1

Raphael Geissert

Publicado

2013-09-15

Atualizado

2014-02-10

CVE-2013-1439

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libraw versions 0.13.x through 0.15.3 libraw version 0.15.x before 0.15.4

Description The issue affects the "faster LJPEG decoder" in libraw, allowing context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. This can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.

Recommendations For libraw versions 0.13.x through 0.15.3, update to version 0.15.4 or later. For libraw version 0.15.x before 0.15.4, update to version 0.15.4 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2014-1073

BDU:2015-09729

CVE-2013-1439

MGASA-2013-0301

MGASA-2013-0385

MGASA-2014-0050

USN-1964-1

USN-1978-1

Produtos afetados

Alt Linux

Libraw

PT-2013-1244 · Libraw+1 · Libraw+1

CVE-2013-1439

Identificadores relacionados

Produtos afetados

Referências · 27